Document Title:
===============
FlashFXP v3.6.0 - Buffer Overflow Vulnerability
Release Date:
=============
2011-07-20
Vulnerability Laboratory ID (VL-ID):
====================================
121
Product & Service Introduction:
===============================
FlashFXP is an FTP (File Transfer Protocol) client for Windows. It offers you easy and fast ways to transfer any file between other local
computers (LAN - Local Area Network) running an FTP server or via the Internet (WAN - Wide Area Network) and even directly between two
servers using Site to Site transfers (FXP - File eXchange Protocol). Use FlashFXP to publish and maintain your website, upload and download
documents, photos, videos, music and more! Share your files with your friends and co-workers using the powerful site manager. There are many
features and advanced options available within FlashFXP which are being added with the release of each new version stable or beta*. The software
is available in over 20 languages and under active development. FlashFXP offers high security, performance, and reliability that you can always
depend on to get your job done swiftly and efficiently.
(Copy of the Vendor Homepage: http://www.flashfxp.com)
Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered a Buffer Overflow Vulnerability in FlashFXP v3.6.0.
Vulnerability Disclosure Timeline:
==================================
2011-07-21: Public or Non-Public Disclosure
Discovery Status:
=================
Published
Affected Product(s):
====================
Exploitation Technique:
=======================
Local
Severity Level:
===============
Medium
Technical Details & Description:
================================
A Buffer Overflow Vulnerability was detected in FlashFXP. The vulnerability is located in the import
function, which does not restrict the size of the strings it reads. Attackers can supply large Unicode
strings to overwrite the EBP and EIP registers of the software process. Successful exploitation can result
in system compromise via process escalation with system process privileges.
Vulnerable Module(s):
[+] .dat import
[+] File Associations
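The bug class described above, an import path that lets the input decide how much is written into a fixed-size buffer, is shown here next to a length-checked version. This is an added example, not FlashFXP code and not part of the original advisory; the record layout, the function names and the 256-unit capacity are assumptions.

```c
/* Added illustration, not FlashFXP source. The record layout, the field
 * name and HOST_CAP are assumptions made for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HOST_CAP 256u  /* destination capacity in UTF-16 code units (assumed) */

typedef enum { IMPORT_OK = 0, IMPORT_TOO_LONG, IMPORT_MALFORMED } import_status;

typedef struct {
    uint16_t host[HOST_CAP];  /* fixed-size field, as in a stack or struct buffer */
    size_t   host_len;        /* code units stored, terminator not counted */
} site_entry;

/* BEFORE: the input's own terminator decides how much is written. A string
 * of HOST_CAP or more units runs past host[] into whatever follows it. */
void import_host_unchecked(site_entry *e, const uint16_t *src)
{
    size_t i = 0;
    while (src[i] != 0) {
        e->host[i] = src[i];   /* no comparison against HOST_CAP */
        i++;
    }
    e->host[i] = 0;
    e->host_len = i;
}

/* AFTER: the length comes from the reader (bytes actually read from the
 * file), is validated in code units, and an oversized field is rejected
 * rather than truncated. Nothing is written to *e unless the field is valid. */
import_status import_host_checked(site_entry *e, const unsigned char *raw,
                                  size_t raw_bytes)
{
    size_t units, i;

    if (raw_bytes % 2 != 0)
        return IMPORT_MALFORMED;          /* UTF-16LE uses 2 bytes per unit */
    units = raw_bytes / 2;
    if (units >= HOST_CAP)                /* ">=" keeps one slot for the NUL */
        return IMPORT_TOO_LONG;
    for (i = 0; i < units; i++)           /* pass 1: validate only */
        if (raw[2 * i] == 0 && raw[2 * i + 1] == 0)
            return IMPORT_MALFORMED;      /* embedded NUL would hide a tail */
    for (i = 0; i < units; i++)           /* pass 2: copy */
        e->host[i] = (uint16_t)(raw[2 * i] | ((unsigned)raw[2 * i + 1] << 8));
    e->host[units] = 0;
    e->host_len = units;
    return IMPORT_OK;
}

/* Constructed input: `units` copies of 'A' encoded as UTF-16LE. */
#define DEMO_MAX_UNITS 8192u
import_status demo_import(size_t units, size_t *stored)
{
    static unsigned char raw[2 * DEMO_MAX_UNITS];
    site_entry e = { {0}, 0 };
    import_status st;
    size_t i;

    if (units > DEMO_MAX_UNITS)
        units = DEMO_MAX_UNITS;
    for (i = 0; i < units; i++) {
        raw[2 * i] = 'A';
        raw[2 * i + 1] = 0;
    }
    st = import_host_checked(&e, raw, 2 * units);
    if (stored)
        *stored = e.host_len;
    return st;
}

int main(void)
{
    static const size_t sizes[] = { 16, HOST_CAP - 1, HOST_CAP, 5000 };
    size_t i, stored;

    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        import_status st = demo_import(sizes[i], &stored);
        printf("%5zu units -> status %d, stored %zu\n",
               sizes[i], (int)st, stored);
    }
    return 0;
}
```

The capacity check is done in code units, not bytes, and reserves the terminator slot; mixing the two units is a common way for a "checked" copy of wide strings to still overflow.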
--- DEBUG LOG ---
(4a4.198): Unknown exception - code 0eedfade (first chance)
(4a4.198): Unknown exception - code 0eedfade (first chance)
(4a4.78c): Break instruction exception - code 80000003 (first chance)
eax=7ef9d000 ebx=00000000 ecx=00000000 edx=772cf50a esi=00000000 edi=00000000
eip=7724000c esp=05c2ff5c ebp=05c2ff88 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
--- ERROR LOG ---
date/time : 2010-04-13 01:20
computer name : HOSTBUSTER
user name : Rem0ve
operating system : Windows NT New Tablet PC x64 build 7600
system language : German
system up time : 7 hours 57 minutes
program up time : 2 minutes 9 seconds
processors : 2x Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
physical memory : 2563/4091 MB (free/total)
free disk space : (C:) 233,38 GB
display mode : 1366x768, 32 bit
monitors : 1
process id : $13bc
allocated memory : 115,85 MB
executable : FlashFXP.exe
executable hash : 370F40D4853967D56580F0699D3958DE
executable size : 3068360
exec. date/time : 2008-02-20 10:52
version : 3.6.0.1240
madExcept version : 2.7k
exception class : ERangeError
exception message : Range check error.
main thread ($15bc):
0040593a FlashFXP.exe System DynArraySetLength
00405aa1 FlashFXP.exe System @DynArraySetLength
0049cc08 FlashFXP.exe cxGraphics 1587 +61 TCustomConsole.WrapLine
0049c9be FlashFXP.exe cxGraphics 1451 +40 TCustomConsole.AddText
005df7bf FlashFXP.exe FrmMain1 9659 +43 TFrmMain.AddTextStatus
005e1597 FlashFXP.exe FrmMain1 10166 +314 TFrmMain.ConnectToHost
005f7dc7 FlashFXP.exe FrmMain1 17531 +329 TFrmMain.CmdLineConnect
005cd9c2 FlashFXP.exe FrmMain1 2444 +4 TFrmMain.SMConnect
004768e1 FlashFXP.exe Controls 4233 +37 TControl.WndProc
00479116 FlashFXP.exe Controls 5698 +42 TWinControl.WndProc
004699dd FlashFXP.exe Forms 3190 +139 TCustomForm.WndProc
004c449e FlashFXP.exe ThemeMgr 591 +10 TWindowProcList.DispatchMessage
004c4df4 FlashFXP.exe ThemeMgr 1149 +38 TThemeManager.FormWindowProc
004c62f8 FlashFXP.exe ThemeMgr 2056 +2 TThemeManager.PreFormWindowProc
005290ea FlashFXP.exe VistaAltFixUnit 269 +1 TFormObj.WndProc
00478da0 FlashFXP.exe Controls 5571 +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms 1484 +8 StdWndProc
7698810d user32.dll DispatchMessageA
0046f6a3 FlashFXP.exe Forms 6898 +34 TApplication.ProcessMessage
0046f6da FlashFXP.exe Forms 6936 +1 TApplication.HandleMessage
0046f8fa FlashFXP.exe Forms 7026 +21 TApplication.Run
00624e6c FlashFXP.exe FlashFXP 671 +503 initialization
75453675 kernel32.dll BaseThreadInitThunk
thread $ebc:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $1748:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $1478:
772500fd ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $1308 (TChangeHandlerThread):
772500fd ntdll.dll
757a095c KERNELBASE.dll WaitForMultipleObjectsEx
75451628 kernel32.dll WaitForMultipleObjectsEx
7545191c kernel32.dll WaitForMultipleObjects
00507339 FlashFXP.exe UPTShellControls 4021 +11 TChangeHandlerThread.Execute
0044bcce FlashFXP.exe madExcept HookedTThreadExecute
0041b104 FlashFXP.exe Classes 6898 +1 ThreadProc
00403f38 FlashFXP.exe System ThreadWrapper
0044bc01 FlashFXP.exe madExcept CallThreadProc
0044bc43 FlashFXP.exe madExcept ThreadExceptFrame
75453675 kernel32.dll BaseThreadInitThunk
>> created by main thread ($15bc) at:
00506fff FlashFXP.exe UPTShellControls 3916 +2 TChangeHandlerThread.Create
thread $1128:
7724fd31 ntdll.dll
757a2c4a KERNELBASE.dll SleepEx
757a351b KERNELBASE.dll Sleep
0044bc01 FlashFXP.exe madExcept CallThreadProc
0044bc43 FlashFXP.exe madExcept ThreadExceptFrame
75453675 kernel32.dll BaseThreadInitThunk
>> created by main thread ($15bc) at:
755b642e ole32.dll
thread $1348:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $14ec:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $127c:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $1104:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $1530:
76987e47 user32.dll
0044bc01 FlashFXP.exe madExcept CallThreadProc
0044bc43 FlashFXP.exe madExcept ThreadExceptFrame
75453675 kernel32.dll BaseThreadInitThunk
>> created by thread $ebc at:
768b480b SHLWAPI.dll
thread $998:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $e38:
7724f871 ntdll.dll
757a0810 KERNELBASE.dll WaitForSingleObjectEx
7545117f kernel32.dll WaitForSingleObjectEx
75451133 kernel32.dll WaitForSingleObject
0044bc01 FlashFXP.exe madExcept CallThreadProc
0044bc43 FlashFXP.exe madExcept ThreadExceptFrame
75453675 kernel32.dll BaseThreadInitThunk
>> created by main thread ($15bc) at:
75554d5c WS2_32.dll
disassembling:
00405910 public System.DynArraySetLength: ; function entry point
00405910 push ebp
00405911 mov ebp, esp
00405913 add esp, -$20
00405916 push ebx
00405917 push esi
00405918 push edi
00405919 mov [ebp-8], ecx
0040591c mov esi, edx
0040591e mov [ebp-4], eax
00405921 mov ebx, [ebp-4]
00405924 mov ebx, [ebx]
00405926 mov eax, [ebp+8]
00405929 mov edi, [eax]
0040592b test edi, edi
0040592d jg loc_405949
0040592f test edi, edi
00405931 jge loc_40593a
00405933 mov al, 4
00405935 call -$2e92 ($402aa8) ; System.Error
0040593a > mov eax, [ebp-4]
0040593d mov edx, esi
0040593f call -$3c ($405908) ; System.DynArrayClear
00405944 jmp loc_405a91
00405949 xor eax, eax
0040594b mov [ebp-$10], eax
0040594e test ebx, ebx
00405950 jz loc_40595d
00405952 sub ebx, 4
00405955 mov eax, [ebx]
00405957 mov [ebp-$10], eax
0040595a sub ebx, 4
0040595d xor eax, eax
0040595f mov al, [esi+1]
00405962 add esi, eax
00405964 mov eax, [esi+2]
00405967 mov [ebp-$18], eax
0040596a mov eax, [esi+6]
0040596d test eax, eax
0040596f jz loc_405975
00405971 mov esi, [eax]
[...]
----------
date/time : 2010-04-12 23:51
computer name : HOSTBUSTER
user name : Rem0ve
operating system : Windows NT New Tablet PC x64 build 7600
system language : German
system up time : 6 hours 28 minutes
program up time : 1 minute 45 seconds
processors : 2x Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
physical memory : 2047/4091 MB (free/total)
free disk space : (C:) 233,39 GB
display mode : 1366x768, 32 bit
monitors : 1
process id : $1064
allocated memory : 182,26 MB
executable : FlashFXP.exe
executable hash : 370F40D4853967D56580F0699D3958DE
executable size : 3068360
exec. date/time : 2008-02-20 10:52
version : 3.6.0.1240
madExcept version : 2.7k
exception class : EStringListError
exception message : List index out of bounds (24).
main thread ($950):
00462240 FlashFXP.exe StdCtrls 3254 +2 TListBoxStrings.Get
00478da0 FlashFXP.exe Controls 5571 +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms 1484 +8 StdWndProc
004768e1 FlashFXP.exe Controls 4233 +37 TControl.WndProc
00479116 FlashFXP.exe Controls 5698 +42 TWinControl.WndProc
00462e45 FlashFXP.exe StdCtrls 3660 +14 TCustomListBox.WndProc
004c449e FlashFXP.exe ThemeMgr 591 +10 TWindowProcList.DispatchMessage
00478da0 FlashFXP.exe Controls 5571 +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms 1484 +8 StdWndProc
00415f71 FlashFXP.exe Classes 3217 +4 TStringList.Grow
004160ab FlashFXP.exe Classes 3247 +13 TStringList.InsertItem
0048c148 FlashFXP.exe IniFiles32 951 +15 TIniFile32.WriteSection
005c60da FlashFXP.exe FilterDlg 330 +13 TFrmFilter.bOkClick
00476a76 FlashFXP.exe Controls 4294 +9 TControl.Click
0046177b FlashFXP.exe StdCtrls 2869 +3 TButton.Click
00461887 FlashFXP.exe StdCtrls 2921 +1 TButton.CNCommand
004768e1 FlashFXP.exe Controls 4233 +37 TControl.WndProc
00479116 FlashFXP.exe Controls 5698 +42 TWinControl.WndProc
004616e7 FlashFXP.exe StdCtrls 2849 +13 TButtonControl.WndProc
004c449e FlashFXP.exe ThemeMgr 591 +10 TWindowProcList.DispatchMessage
004c4ce6 FlashFXP.exe ThemeMgr 924 +61 TThemeManager.ButtonControlWindowProc
004c62e4 FlashFXP.exe ThemeMgr 2030 +2 TThemeManager.PreButtonControlWindowProc
00476710 FlashFXP.exe Controls 4158 +5 TControl.Perform
00479287 FlashFXP.exe Controls 5741 +6 DoControlMsg
0047978b FlashFXP.exe Controls 5917 +1 TWinControl.WMCommand
0046b7e8 FlashFXP.exe Forms 4161 +3 TCustomForm.WMCommand
004768e1 FlashFXP.exe Controls 4233 +37 TControl.WndProc
00479116 FlashFXP.exe Controls 5698 +42 TWinControl.WndProc
004699dd FlashFXP.exe Forms 3190 +139 TCustomForm.WndProc
004c449e FlashFXP.exe ThemeMgr 591 +10 TWindowProcList.DispatchMessage
004c4df4 FlashFXP.exe ThemeMgr 1149 +38 TThemeManager.FormWindowProc
004c62f8 FlashFXP.exe ThemeMgr 2056 +2 TThemeManager.PreFormWindowProc
005290ea FlashFXP.exe VistaAltFixUnit 269 +1 TFormObj.WndProc
00478da0 FlashFXP.exe Controls 5571 +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms 1484 +8 StdWndProc
772400e3 ntdll.dll KiUserCallbackDispatcher
7698cd7c user32.dll SendMessageW
76997b0a user32.dll CallWindowProcA
0047920b FlashFXP.exe Controls 5720 +18 TWinControl.DefaultHandler
00476e7c FlashFXP.exe Controls 4441 +1 TControl.WMLButtonUp
004768e1 FlashFXP.exe Controls 4233 +37 TControl.WndProc
00479116 FlashFXP.exe Controls 5698 +42 TWinControl.WndProc
004616e7 FlashFXP.exe StdCtrls 2849 +13 TButtonControl.WndProc
004c449e FlashFXP.exe ThemeMgr 591 +10 TWindowProcList.DispatchMessage
004c4ce6 FlashFXP.exe ThemeMgr 924 +61 TThemeManager.ButtonControlWindowProc
004c62e4 FlashFXP.exe ThemeMgr 2030 +2 TThemeManager.PreButtonControlWindowProc
00478da0 FlashFXP.exe Controls 5571 +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms 1484 +8 StdWndProc
7698810d user32.dll DispatchMessageA
0046f6a3 FlashFXP.exe Forms 6898 +34 TApplication.ProcessMessage
0046f6da FlashFXP.exe Forms 6936 +1 TApplication.HandleMessage
0046f8fa FlashFXP.exe Forms 7026 +21 TApplication.Run
00624e6c FlashFXP.exe FlashFXP 671 +503 initialization
75453675 kernel32.dll BaseThreadInitThunk
thread $9b8:
772500fd ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $1484 (TChangeHandlerThread):
772500fd ntdll.dll
757a095c KERNELBASE.dll WaitForMultipleObjectsEx
75451628 kernel32.dll WaitForMultipleObjectsEx
7545191c kernel32.dll WaitForMultipleObjects
00507339 FlashFXP.exe UPTShellControls 4021 +11 TChangeHandlerThread.Execute
0044bcce FlashFXP.exe madExcept HookedTThreadExecute
0041b104 FlashFXP.exe Classes 6898 +1 ThreadProc
00403f38 FlashFXP.exe System ThreadWrapper
0044bc01 FlashFXP.exe madExcept CallThreadProc
0044bc43 FlashFXP.exe madExcept ThreadExceptFrame
75453675 kernel32.dll BaseThreadInitThunk
>> created by main thread ($950) at:
00506fff FlashFXP.exe UPTShellControls 3916 +2 TChangeHandlerThread.Create
thread $1148:
7724fd31 ntdll.dll
757a2c4a KERNELBASE.dll SleepEx
757a351b KERNELBASE.dll Sleep
0044bc01 FlashFXP.exe madExcept CallThreadProc
0044bc43 FlashFXP.exe madExcept ThreadExceptFrame
75453675 kernel32.dll BaseThreadInitThunk
>> created by thread $12c4 at:
755b642e ole32.dll
thread $3ec:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $1510:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $1268:
76987e47 user32.dll
0044bc01 FlashFXP.exe madExcept CallThreadProc
0044bc43 FlashFXP.exe madExcept ThreadExceptFrame
75453675 kernel32.dll BaseThreadInitThunk
>> created by thread $1644 at:
768b480b SHLWAPI.dll
disassembling:
[...]
004621fa push $46226e ; System.@HandleFinally
004621ff push dword ptr fs:[eax]
00462202 mov fs:[eax], esp
00462205 3253 lea eax, [ebp-$1004]
0046220b push eax
0046220c push edi
0046220d push $189
00462212 mov eax, [esi+$c]
00462215 call +$192f2 ($47b50c) ; Controls.TWinControl.GetHandle
0046221a push eax
0046221b call -$5a5b8 ($407c68) ; Windows.SendMessage
00462220 mov ebx, eax
00462222 3254 test ebx, ebx
00462224 jge loc_462245
00462226 lea edx, [ebp-$1008]
0046222c mov eax, [$637a30]
00462231 call -$5c24a ($405fec) ; System.LoadResString
00462236 mov edx, [ebp-$1008]
0046223c mov ecx, edi
0046223e mov eax, esi
00462240 > call -$4d3fd ($414e48) ; Classes.TStrings.Error
00462245 3255 lea edx, [ebp-$1004]
0046224b mov eax, [ebp-4]
0046224e mov ecx, ebx
00462250 call -$5e1dd ($404078) ; System.@LStrFromPCharLen
00462255 xor eax, eax
00462257 pop edx
00462258 pop ecx
00462259 pop ecx
0046225a mov fs:[eax], edx
0046225d push $462275
00462262 lea eax, [ebp-$1008]
00462268 call -$5e2d9 ($403f94) ; System.@LStrClr
0046226d ret
0046226e jmp -$5e923 ($403950) ; System.@HandleFinally
00462273 jmp loc_462262
00462275 3256 pop edi
00462276 pop esi
00462277 pop ebx
00462278 mov esp, ebp
0046227a pop ebp
[...]
------
date/time : 2010-04-12 23:33
computer name : HOSTBUSTER
user name : Rem0ve
operating system : Windows NT New Tablet PC x64 build 7600
system language : German
system up time : 6 hours 10 minutes
program up time : 1 minute
processors : 2x Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
physical memory : 2041/4091 MB (free/total)
free disk space : (C:) 233,38 GB
display mode : 1366x768, 32 bit
monitors : 1
process id : $d00
allocated memory : 49,27 MB
executable : FlashFXP.exe
executable hash : 370F40D4853967D56580F0699D3958DE
executable size : 3068360
exec. date/time : 2008-02-20 10:52
version : 3.6.0.1240
madExcept version : 2.7k
exception class : EStringListError
exception message : List index out of bounds (0).
main thread ($12bc):
00462240 FlashFXP.exe StdCtrls 3254 +2 TListBoxStrings.Get
004768e1 FlashFXP.exe Controls 4233 +37 TControl.WndProc
00479116 FlashFXP.exe Controls 5698 +42 TWinControl.WndProc
004b87e0 FlashFXP.exe ComCtrls 12780 +13 TCustomListView.WndProc
004c449e FlashFXP.exe ThemeMgr 591 +10 TWindowProcList.DispatchMessage
004c5197 FlashFXP.exe ThemeMgr 1344 +18 TThemeManager.ListviewWindowProc
004c6320 FlashFXP.exe ThemeMgr 2093 +2 TThemeManager.PreListviewWindowProc
00476710 FlashFXP.exe Controls 4158 +5 TControl.Perform
00479287 FlashFXP.exe Controls 5741 +6 DoControlMsg
004797ad FlashFXP.exe Controls 5922 +1 TWinControl.WMNotify
004768e1 FlashFXP.exe Controls 4233 +37 TControl.WndProc
00479116 FlashFXP.exe Controls 5698 +42 TWinControl.WndProc
004c449e FlashFXP.exe ThemeMgr 591 +10 TWindowProcList.DispatchMessage
004c5892 FlashFXP.exe ThemeMgr 1566 +57 TThemeManager.PanelWindowProc
004c6334 FlashFXP.exe ThemeMgr 2104 +2 TThemeManager.PrePanelWindowProc
00478da0 FlashFXP.exe Controls 5571 +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms 1484 +8 StdWndProc
772400e3 ntdll.dll KiUserCallbackDispatcher
7698cd7c user32.dll SendMessageW
0047bcd7 FlashFXP.exe Controls 7500 +20 DoCalcConstraints
004768e1 FlashFXP.exe Controls 4233 +37 TControl.WndProc
00479116 FlashFXP.exe Controls 5698 +42 TWinControl.WndProc
00466aac FlashFXP.exe Forms 1484 +8 StdWndProc
004768e1 FlashFXP.exe Controls 4233 +37 TControl.WndProc
00479116 FlashFXP.exe Controls 5698 +42 TWinControl.WndProc
004c449e FlashFXP.exe ThemeMgr 591 +10 TWindowProcList.DispatchMessage
004c5892 FlashFXP.exe ThemeMgr 1566 +57 TThemeManager.PanelWindowProc
004c449e FlashFXP.exe ThemeMgr 591 +10 TWindowProcList.DispatchMessage
00478da0 FlashFXP.exe Controls 5571 +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms 1484 +8 StdWndProc
772400e3 ntdll.dll KiUserCallbackDispatcher
769aef3b user32.dll SendMessageA
004621d0 FlashFXP.exe StdCtrls 3245 +1 TListBoxStrings.GetCount
00414fb1 FlashFXP.exe Classes 2777 +2 TStrings.GetCommaText
005b3975 FlashFXP.exe FrmVD1 176 +10 TFrmVD.bOk2Click
00476a76 FlashFXP.exe Controls 4294 +9 TControl.Click
0046177b FlashFXP.exe StdCtrls 2869 +3 TButton.Click
00461887 FlashFXP.exe StdCtrls 2921 +1 TButton.CNCommand
004768e1 FlashFXP.exe Controls 4233 +37 TControl.WndProc
00479116 FlashFXP.exe Controls 5698 +42 TWinControl.WndProc
004616e7 FlashFXP.exe StdCtrls 2849 +13 TButtonControl.WndProc
004c449e FlashFXP.exe ThemeMgr 591 +10 TWindowProcList.DispatchMessage
004c4ce6 FlashFXP.exe ThemeMgr 924 +61 TThemeManager.ButtonControlWindowProc
004c62e4 FlashFXP.exe ThemeMgr 2030 +2 TThemeManager.PreButtonControlWindowProc
00476710 FlashFXP.exe Controls 4158 +5 TControl.Perform
00479287 FlashFXP.exe Controls 5741 +6 DoControlMsg
0047978b FlashFXP.exe Controls 5917 +1 TWinControl.WMCommand
004768e1 FlashFXP.exe Controls 4233 +37 TControl.WndProc
00479116 FlashFXP.exe Controls 5698 +42 TWinControl.WndProc
004c449e FlashFXP.exe ThemeMgr 591 +10 TWindowProcList.DispatchMessage
004c5892 FlashFXP.exe ThemeMgr 1566 +57 TThemeManager.PanelWindowProc
004c6334 FlashFXP.exe ThemeMgr 2104 +2 TThemeManager.PrePanelWindowProc
00478da0 FlashFXP.exe Controls 5571 +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms 1484 +8 StdWndProc
772400e3 ntdll.dll KiUserCallbackDispatcher
7698cd7c user32.dll SendMessageW
76997b0a user32.dll CallWindowProcA
0047920b FlashFXP.exe Controls 5720 +18 TWinControl.DefaultHandler
00476e7c FlashFXP.exe Controls 4441 +1 TControl.WMLButtonUp
004768e1 FlashFXP.exe Controls 4233 +37 TControl.WndProc
00479116 FlashFXP.exe Controls 5698 +42 TWinControl.WndProc
004616e7 FlashFXP.exe StdCtrls 2849 +13 TButtonControl.WndProc
004c449e FlashFXP.exe ThemeMgr 591 +10 TWindowProcList.DispatchMessage
004c4ce6 FlashFXP.exe ThemeMgr 924 +61 TThemeManager.ButtonControlWindowProc
004c62e4 FlashFXP.exe ThemeMgr 2030 +2 TThemeManager.PreButtonControlWindowProc
00478da0 FlashFXP.exe Controls 5571 +3 TWinControl.MainWndProc
00466aac FlashFXP.exe Forms 1484 +8 StdWndProc
7698810d user32.dll DispatchMessageA
0046f6a3 FlashFXP.exe Forms 6898 +34 TApplication.ProcessMessage
0046f6da FlashFXP.exe Forms 6936 +1 TApplication.HandleMessage
0046f8fa FlashFXP.exe Forms 7026 +21 TApplication.Run
00624e6c FlashFXP.exe FlashFXP 671 +503 initialization
75453675 kernel32.dll BaseThreadInitThunk
thread $13a8:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $660:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $1420:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $1554:
772500fd ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
thread $1518 (TChangeHandlerThread):
772500fd ntdll.dll
757a095c KERNELBASE.dll WaitForMultipleObjectsEx
75451628 kernel32.dll WaitForMultipleObjectsEx
7545191c kernel32.dll WaitForMultipleObjects
00507339 FlashFXP.exe UPTShellControls 4021 +11 TChangeHandlerThread.Execute
0044bcce FlashFXP.exe madExcept HookedTThreadExecute
0041b104 FlashFXP.exe Classes 6898 +1 ThreadProc
00403f38 FlashFXP.exe System ThreadWrapper
0044bc01 FlashFXP.exe madExcept CallThreadProc
0044bc43 FlashFXP.exe madExcept ThreadExceptFrame
75453675 kernel32.dll BaseThreadInitThunk
>> created by main thread ($12bc) at:
00506fff FlashFXP.exe UPTShellControls 3916 +2 TChangeHandlerThread.Create
thread $1660:
77251ee6 ntdll.dll
75453675 kernel32.dll BaseThreadInitThunk
744b0000 propsys.dll 7.0.7600.16385 C:/Windows/system32
74730000 ntmarta.dll 6.1.7600.16385 C:/Windows/system32
748e0000 profapi.dll 6.1.7600.16385 C:/Windows/system32
74910000 version.dll 6.1.7600.16385 C:/Windows/system32
74d90000 CRYPTBASE.dll 6.1.7600.16385 C:/Windows/syswow64
74da0000 SspiCli.dll 6.1.7600.16385 C:/Windows/syswow64
74e10000 CLBCatQ.DLL 2001.12.8530.16385 C:/Windows/syswow64
74fe0000 CFGMGR32.dll 6.1.7600.16385 C:/Windows/syswow64
75010000 comdlg32.dll 6.1.7600.16385 C:/Windows/syswow64
75290000 MSASN1.dll 6.1.7600.16415 C:/Windows/syswow64
752a0000 SETUPAPI.dll 6.1.7600.16385 C:/Windows/syswow64
75440000 kernel32.dll 6.1.7600.16385 C:/Windows/syswow64
75540000 WS2_32.dll 6.1.7600.16385 C:/Windows/syswow64
75580000 ole32.dll 6.1.7600.16385 C:/Windows/syswow64
756e0000 NSI.dll 6.1.7600.16385 C:/Windows/syswow64
756f0000 ADVAPI32.dll 6.1.7600.16385 C:/Windows/syswow64
75790000 KERNELBASE.dll 6.1.7600.16385 C:/Windows/syswow64
757e0000 shell32.dll 6.1.7600.16385 C:/Windows/syswow64
76430000 USP10.dll 1.626.7600.16385 C:/Windows/syswow64
764d0000 WINTRUST.dll 6.1.7600.16385 C:/Windows/syswow64
76500000 MSCTF.dll 6.1.7600.16385 C:/Windows/syswow64
765d0000 msvcrt.dll 7.0.7600.16385 C:/Windows/syswow64
76680000 GDI32.dll 6.1.7600.16385 C:/Windows/syswow64
76740000 RPCRT4.dll 6.1.7600.16385 C:/Windows/syswow64
76830000 WLDAP32.dll 6.1.7600.16385 C:/Windows/syswow64
76880000 DEVOBJ.dll 6.1.7600.16385 C:/Windows/syswow64
768a0000 SHLWAPI.dll 6.1.7600.16385 C:/Windows/syswow64
76900000 LPK.dll 6.1.7600.16385 C:/Windows/syswow64
76970000 user32.dll 6.1.7600.16385 C:/Windows/syswow64
76b00000 crypt32.dll 6.1.7600.16385 C:/Windows/syswow64
76c20000 sechost.dll 6.1.7600.16385 C:/Windows/SysWOW64
76d40000 IMM32.DLL 6.1.7600.16385 C:/Windows/system32
76da0000 oleaut32.dll 6.1.7600.16385 C:/Windows/syswow64
77230000 ntdll.dll 6.1.7600.16385 C:/Windows/SysWOW64
disassembling:
[...]
004621fa push $46226e ; System.@HandleFinally
004621ff push dword ptr fs:[eax]
00462202 mov fs:[eax], esp
00462205 3253 lea eax, [ebp-$1004]
0046220b push eax
0046220c push edi
0046220d push $189
00462212 mov eax, [esi+$c]
00462215 call +$192f2 ($47b50c) ; Controls.TWinControl.GetHandle
0046221a push eax
0046221b call -$5a5b8 ($407c68) ; Windows.SendMessage
00462220 mov ebx, eax
00462222 3254 test ebx, ebx
00462224 jge loc_462245
00462226 lea edx, [ebp-$1008]
0046222c mov eax, [$637a30]
00462231 call -$5c24a ($405fec) ; System.LoadResString
00462236 mov edx, [ebp-$1008]
0046223c mov ecx, edi
0046223e mov eax, esi
00462240 > call -$4d3fd ($414e48) ; Classes.TStrings.Error
00462245 3255 lea edx, [ebp-$1004]
0046224b mov eax, [ebp-4]
0046224e mov ecx, ebx
00462250 call -$5e1dd ($404078) ; System.@LStrFromPCharLen
00462255 xor eax, eax
00462257 pop edx
00462258 pop ecx
00462259 pop ecx
0046225a mov fs:[eax], edx
0046225d push $462275
00462262 lea eax, [ebp-$1008]
00462268 call -$5e2d9 ($403f94) ; System.@LStrClr
0046226d ret
0046226e jmp -$5e923 ($403950) ; System.@HandleFinally
00462273 jmp loc_462262
00462275 3256 pop edi
00462276 pop esi
00462277 pop ebx
00462278 mov esp, ebp
0046227a pop ebp
[...]
-----
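The visible instructions in the listing above reserve a 4096-byte frame buffer (`[ebp-$1004]`), pass it to `SendMessage` with message `$189` (LB_GETTEXT), and do not query the item length first. As an added illustration that is not part of the advisory or of FlashFXP's code, the portable C model below sets that pattern beside a length-checked form; `struct listbox`, `lb_text_len` and `lb_get_text` are hypothetical stand-ins for the control and its LB_GETTEXTLEN/LB_GETTEXT messages.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical list box model: lb_text_len() stands in for LB_GETTEXTLEN,
   lb_get_text() for LB_GETTEXT ($189 in the listing), which copies the whole
   item and trusts the caller's buffer to be large enough. */
struct listbox { const char **items; int count; };
long lb_text_len(const struct listbox *lb, int i) {
    return (i < 0 || i >= lb->count) ? -1 : (long)strlen(lb->items[i]);
}
long lb_get_text(const struct listbox *lb, int i, char *out) {
    long n = lb_text_len(lb, i);
    if (n >= 0) memcpy(out, lb->items[i], (size_t)n + 1);  /* no bound */
    return n;
}

/* Pattern in the listing: 4096-byte frame buffer, no length query first.
   An item of 4096+ bytes writes past buf. For contrast only, never called. */
long item_len_fixed(const struct listbox *lb, int i) {
    char buf[4096];
    return lb_get_text(lb, i, buf);
}

/* Hardened form: ask for the length, then size the buffer from the answer. */
char *get_item_checked(const struct listbox *lb, int i) {
    long n = lb_text_len(lb, i);
    if (n < 0) return NULL;
    char *s = malloc((size_t)n + 1);
    if (s && lb_get_text(lb, i, s) != n) { free(s); s = NULL; }
    return s;
}

/* Constructed input: a short item plus one of `big` bytes. Returns the
   length read back through the checked getter, or -1 on failure. */
long demo_checked_len(size_t big) {
    char *item = malloc(big + 1);
    if (!item) return -1;
    memset(item, 'A', big);
    item[big] = '\0';
    const char *items[] = { "*.txt", item };
    struct listbox lb = { items, 2 };
    char *s = get_item_checked(&lb, 1);
    long n = s ? (long)strlen(s) : -1;
    free(s); free(item);
    return n;
}

int main(void) { printf("%ld\n", demo_checked_len(5000)); return 0; }
```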
Analysis Picture(s):
../Analyses/bugreport.txt
../Analyses/bugreport2.txt
../Analyses/bugreport3.txt
Picture(s):
../1.png
../2.png
Proof of Concept (PoC):
=======================
The vulnerabilities can be exploited by local attackers to crash or stop the software.
The problem can be reproduced through the import function of FlashFXP, using a file with the .dat extension.
Example Insertion:
[Default Sites Web Browsers Opera]
IP=[String].com // <= Include Over-Sized Url on [String]
Port=21
User=anonymous
anonymous=1
Options=300333300003300110300001000
Created=38187.2293877083
Pass=
Path=/pub/opera/
References:
../PoC/Sites.dat
To reproduce the other crash:
1. Options => File Associations
2. Add => File Mask (*.*)
3. Include an over-sized string, switch down, and choose the empty field where it is now included but hidden
4. Check Viewing & Editing and click "Ok"
5. The software now crashes reliably ^^
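A pre-import check for the Sites.dat case, as an added example that is not part of the advisory: it walks text in the layout of the example entry above and counts section names and values that exceed a length limit. `scan_sites`, `demo_scan` and the 255-byte `MAX_VALUE` are assumptions chosen for illustration; the sample entry is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_VALUE 255 /* assumed policy bound; a DNS name fits in 255 octets */

/* Scan Sites.dat-style text held in memory. Returns how many section names
   or key=value values are longer than max_value bytes, logging each one. */
int scan_sites(const char *text, size_t max_value, FILE *log) {
    char section[64] = "";
    int bad = 0;
    while (*text) {
        const char *line = text;
        size_t len = strcspn(text, "\r\n");
        text += len;
        text += strspn(text, "\r\n");
        const char *eq = memchr(line, '=', len);
        size_t vlen;
        if (len >= 2 && line[0] == '[' && line[len - 1] == ']') {
            vlen = len - 2;                       /* section name length */
            snprintf(section, sizeof section, "%.*s",
                     (int)(vlen < 60 ? vlen : 60), line + 1);
        } else if (eq) {
            vlen = len - (size_t)(eq - line) - 1; /* bytes after '=' */
        } else {
            continue;                             /* not a field line */
        }
        if (vlen > max_value) {
            bad++;
            if (log) fprintf(log, "[%s] %zu-byte value exceeds limit %zu\n",
                             section, vlen, max_value);
        }
    }
    return bad;
}

/* Constructed entry in the advisory's layout with an n-byte IP= value. */
int demo_scan(size_t n) {
    static const char head[] = "[Default Sites Web Browsers Opera]\nIP=";
    static const char tail[] = "\nPort=21\nUser=anonymous\nPath=/pub/opera/\n";
    char *buf = malloc(sizeof head + n + sizeof tail);
    if (!buf) return -1;
    memcpy(buf, head, sizeof head - 1);
    memset(buf + sizeof head - 1, 'A', n);
    memcpy(buf + sizeof head - 1 + n, tail, sizeof tail);
    int bad = scan_sites(buf, MAX_VALUE, stderr);
    free(buf);
    return bad;
}

int main(void) { printf("%d %d\n", demo_scan(16), demo_scan(5000)); return 0; }
```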
Security Risk:
==============
A local attacker is able to crash the software with different critical software errors & exceptions.
The security risk of the vulnerability is estimated as medium.
Credits & Authors:
==================
Vulnerability Research Laboratory
Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases
or trade with fraud/stolen material.
Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.vulnerability-lab.com/register
Contact: [email protected] - [email protected] - [email protected]
Section: video.vulnerability-lab.com - forum.vulnerability-lab.com - news.vulnerability-lab.com
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php
Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory.
Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other
media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and
other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed),
modify, use or edit our material contact ([email protected] or [email protected]) to get a permission.
Copyright © 2012 | Vulnerability Laboratory